OpenVAS Libraries
9.0.3
|
#include <glib.h>
Go to the source code of this file.
Macros | |
#define | OPENVAS_DROP_PRIVILEGES g_quark_from_static_string ("openvas-drop-privileges-error-quark") |
The GQuark for privilege dropping errors. More... | |
#define | OPENVAS_DROP_PRIVILEGES_ERROR_ALREADY_SET -1 |
#define | OPENVAS_DROP_PRIVILEGES_OK 0 |
#define | OPENVAS_DROP_PRIVILEGES_FAIL_NOT_ROOT 1 |
#define | OPENVAS_DROP_PRIVILEGES_FAIL_UNKNOWN_USER 2 |
#define | OPENVAS_DROP_PRIVILEGES_FAIL_DROP_GID 3 |
#define | OPENVAS_DROP_PRIVILEGES_FAIL_DROP_UID 4 |
#define | OPENVAS_DROP_PRIVILEGES_FAIL_SUPPLEMENTARY 5 |
Functions | |
int | drop_privileges (gchar *username, GError **error) |
Naive attempt to drop privileges. More... | |
#define OPENVAS_DROP_PRIVILEGES g_quark_from_static_string ("openvas-drop-privileges-error-quark") |
The GQuark for privilege dropping errors.
Definition at line 35 of file drop_privileges.h.
#define OPENVAS_DROP_PRIVILEGES_ERROR_ALREADY_SET -1 |
Definition at line 38 of file drop_privileges.h.
Referenced by drop_privileges().
#define OPENVAS_DROP_PRIVILEGES_FAIL_DROP_GID 3 |
Definition at line 43 of file drop_privileges.h.
#define OPENVAS_DROP_PRIVILEGES_FAIL_DROP_UID 4 |
Definition at line 44 of file drop_privileges.h.
#define OPENVAS_DROP_PRIVILEGES_FAIL_NOT_ROOT 1 |
Definition at line 41 of file drop_privileges.h.
#define OPENVAS_DROP_PRIVILEGES_FAIL_SUPPLEMENTARY 5 |
Definition at line 45 of file drop_privileges.h.
#define OPENVAS_DROP_PRIVILEGES_FAIL_UNKNOWN_USER 2 |
Definition at line 42 of file drop_privileges.h.
#define OPENVAS_DROP_PRIVILEGES_OK 0 |
Definition at line 40 of file drop_privileges.h.
int drop_privileges | ( | gchar * | username, |
GError ** | error | ||
) |
Naive attempt to drop privileges.
We try to drop our (root) privileges and setuid to
username | to minimize the risk of privilege escalation. The current implementation is somewhat linux-specific and may not work on other platforms. | |
[in] | username | The user to become. Its safe to pass "NULL", in which case it will default to "nobody". |
[out] | error | Return location for errors or NULL if not interested in errors. |
error | otherwise and returns the error code. |
Definition at line 79 of file drop_privileges.c.
References OPENVAS_DROP_PRIVILEGES_ERROR_ALREADY_SET.